Я использовал ShrewSoft VPN для доступа к нескольким рабочим компьютерам.
Несколько дней назад пароль был изменен, поэтому я изменил его в настройках учетных данных.
С тех пор я не могу подключиться ни к одному из рабочих компьютеров, но все мои коллеги могут.
Есть 2 сценария:
- При попытке подключения я получаю это сообщение:
тайм-аут переговоров
Вот журнал обслуживания IKE для этого:
15/03/04 22:12:55 ii : rebuilding vnet device list ...
15/03/04 22:12:55 ii : device ROOT\VNET\0000 disabled
15/03/04 22:12:55 ii : network process thread begin ...
15/03/04 22:12:55 ii : pfkey process thread begin ...
15/03/04 22:12:55 ii : ipc server process thread begin ...
15/03/04 22:13:01 ii : ipc client process thread begin ...
15/03/04 22:13:01 <A : peer config add message
15/03/04 22:13:01 <A : proposal config message
15/03/04 22:13:01 <A : proposal config message
15/03/04 22:13:01 <A : client config message
15/03/04 22:13:01 <A : local id 'myserver.company.com' message
15/03/04 22:13:01 <A : preshared key message
15/03/04 22:13:01 <A : remote resource message
15/03/04 22:13:01 <A : peer tunnel enable message
15/03/04 22:13:01 DB : peer added ( obj count = 1 )
15/03/04 22:13:01 ii : local address 192.168.0.100 selected for peer
15/03/04 22:13:01 DB : tunnel added ( obj count = 1 )
15/03/04 22:13:01 DB : new phase1 ( ISAKMP initiator )
15/03/04 22:13:01 DB : exchange type is aggressive
15/03/04 22:13:01 DB : 192.168.0.100:500 <-> REMOTEIP:500
15/03/04 22:13:01 DB : e031c3fffcb0fd51:0000000000000000
15/03/04 22:13:01 DB : phase1 added ( obj count = 1 )
15/03/04 22:13:01 >> : security association payload
15/03/04 22:13:01 >> : - proposal #1 payload
15/03/04 22:13:01 >> : -- transform #1 payload
15/03/04 22:13:01 >> : key exchange payload
15/03/04 22:13:01 >> : nonce payload
15/03/04 22:13:01 >> : identification payload
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v00 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v01 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v02 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( draft v03 )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports nat-t ( rfc )
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local supports DPDv1
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is SHREW SOFT compatible
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is NETSCREEN compatible
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is SIDEWINDER compatible
15/03/04 22:13:01 >> : vendor id payload
15/03/04 22:13:01 ii : local is CISCO UNITY compatible
15/03/04 22:13:01 >= : cookies e031c3fffcb0fd51:0000000000000000
15/03/04 22:13:01 >= : message 00000000
15/03/04 22:13:01 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 520 bytes )
15/03/04 22:13:01 DB : phase1 resend event scheduled ( ref count = 2 )
15/03/04 22:13:06 -> : resend 1 phase1 packet(s) [0/2] 192.168.0.100:500 -> REMOTEIP:500
15/03/04 22:13:11 -> : resend 1 phase1 packet(s) [1/2] 192.168.0.100:500 -> REMOTEIP:500
15/03/04 22:13:16 -> : resend 1 phase1 packet(s) [2/2] 192.168.0.100:500 -> REMOTEIP:500
15/03/04 22:13:21 ii : resend limit exceeded for phase1 exchange
15/03/04 22:13:21 ii : phase1 removal before expire time
15/03/04 22:13:21 DB : phase1 deleted ( obj count = 0 )
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : policy not found
15/03/04 22:13:21 DB : removing tunnel config references
15/03/04 22:13:21 DB : removing tunnel phase2 references
15/03/04 22:13:21 DB : removing tunnel phase1 references
15/03/04 22:13:21 DB : tunnel deleted ( obj count = 0 )
15/03/04 22:13:21 DB : removing all peer tunnel references
15/03/04 22:13:21 DB : peer deleted ( obj count = 0 )
15/03/04 22:13:21 ii : ipc client process thread exit ...
- Когда иногда говорят, что туннель включен, я не могу связаться ни с одним компьютером.
Вот журнал обслуживания IKE для этого:
22:16:08 ii : ipc client process thread begin ...
22:16:08 <A : peer config add message
22:16:08 <A : proposal config message
22:16:08 <A : proposal config message
22:16:08 <A : client config message
22:16:08 <A : local id 'myserver.company.com' message
22:16:08 <A : preshared key message
22:16:08 <A : remote resource message
22:16:08 <A : peer tunnel enable message
22:16:08 DB : peer added ( obj count = 1 )
22:16:08 ii : local address 192.168.0.100 selected for peer
22:16:08 DB : tunnel added ( obj count = 1 )
22:16:08 DB : new phase1 ( ISAKMP initiator )
22:16:08 DB : exchange type is aggressive
22:16:08 DB : 192.168.0.100:500 <-> REMOTEIP:500
22:16:08 DB : f232ff98c4937c18:0000000000000000
22:16:08 DB : phase1 added ( obj count = 1 )
22:16:08 >> : security association payload
22:16:08 >> : - proposal #1 payload
22:16:08 >> : -- transform #1 payload
22:16:08 >> : key exchange payload
22:16:08 >> : nonce payload
22:16:08 >> : identification payload
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v00 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v01 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v02 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( draft v03 )
22:16:08 >> : vendor id payload
22:16:08 ii : local supports nat-t ( rfc )
22:16:08 >> : vendor id payload
22:16:08 >> : vendor id payload
22:16:08 ii : local supports DPDv1
22:16:08 >> : vendor id payload
22:16:08 ii : local is SHREW SOFT compatible
22:16:08 >> : vendor id payload
22:16:08 ii : local is NETSCREEN compatible
22:16:08 >> : vendor id payload
22:16:08 ii : local is SIDEWINDER compatible
22:16:08 >> : vendor id payload
22:16:08 ii : local is CISCO UNITY compatible
22:16:08 >= : cookies f232ff98c4937c18:0000000000000000
22:16:08 >= : message 00000000
22:16:08 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 520 bytes )
22:16:08 DB : phase1 resend event scheduled ( ref count = 2 )
22:16:08 <- : recv IKE packet REMOTEIP:500 -> 192.168.0.100:500 ( 276 bytes )
22:16:08 DB : phase1 found
22:16:08 ii : processing phase1 packet ( 276 bytes )
22:16:08 =< : cookies f232ff98c4937c18:c65052785432b59d
22:16:08 =< : message 00000000
22:16:08 << : security association payload
22:16:08 << : - propsal #1 payload
22:16:08 << : -- transform #1 payload
22:16:08 ii : matched isakmp proposal #1 transform #1
22:16:08 ii : - transform = ike
22:16:08 ii : - cipher type = aes
22:16:08 ii : - key length = 256 bits
22:16:08 ii : - hash type = sha1
22:16:08 ii : - dh group = group2 ( modp-1024 )
22:16:08 ii : - auth type = psk
22:16:08 ii : - life seconds = 28800
22:16:08 ii : - life kbytes = 0
22:16:08 << : key exchange payload
22:16:08 << : nonce payload
22:16:08 << : identification payload
22:16:08 ii : phase1 id match ( natt prevents ip match )
22:16:08 ii : received = ipv4-host REMOTEIP
22:16:08 << : hash payload
22:16:08 ii : nat-t is unsupported by remote peer
22:16:08 == : DH shared secret ( 128 bytes )
22:16:08 == : SETKEYID ( 20 bytes )
22:16:08 == : SETKEYID_d ( 20 bytes )
22:16:08 == : SETKEYID_a ( 20 bytes )
22:16:08 == : SETKEYID_e ( 20 bytes )
22:16:08 == : cipher key ( 32 bytes )
22:16:08 == : cipher iv ( 16 bytes )
22:16:08 == : phase1 hash_i ( computed ) ( 20 bytes )
22:16:08 >> : hash payload
22:16:08 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:08 >= : message 00000000
22:16:08 >= : encrypt iv ( 16 bytes )
22:16:08 == : encrypt packet ( 52 bytes )
22:16:08 == : stored iv ( 16 bytes )
22:16:08 DB : phase1 resend event canceled ( ref count = 1 )
22:16:08 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 88 bytes )
22:16:08 == : phase1 hash_r ( computed ) ( 20 bytes )
22:16:08 == : phase1 hash_r ( received ) ( 20 bytes )
22:16:08 ii : phase1 sa established
22:16:08 ii : REMOTEIP:500 <-> 192.168.0.100:500
22:16:08 ii : f232ff98c4937c18:c65052785432b59d
22:16:08 ii : sending peer INITIAL-CONTACT notification
22:16:08 ii : - 192.168.0.100:500 -> REMOTEIP:500
22:16:08 ii : - isakmp spi = f232ff98c4937c18:c65052785432b59d
22:16:08 ii : - data size 0
22:16:08 >> : hash payload
22:16:08 >> : notification payload
22:16:08 == : new informational hash ( 20 bytes )
22:16:08 == : new informational iv ( 16 bytes )
22:16:08 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:08 >= : message 5c5ce9fa
22:16:08 >= : encrypt iv ( 16 bytes )
22:16:08 == : encrypt packet ( 80 bytes )
22:16:08 == : stored iv ( 16 bytes )
22:16:08 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 120 bytes )
22:16:08 DB : config added ( obj count = 1 )
22:16:08 ii : configuration method is manual
22:16:08 DB : phase2 not found
22:16:08 ii : enabled adapter ROOT\VNET\0000
22:16:08 ii : adapter ROOT\VNET\0000 unavailable, retrying ...
22:16:09 ii : apapter ROOT\VNET\0000 MTU is 1380
22:16:09 ii : generating IPSEC security policies at UNIQUE level
22:16:09 ii : creating NONE INBOUND policy ANY:REMOTEIP:* -> ANY:192.168.0.100:*
22:16:09 DB : policy added ( obj count = 1 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 ii : creating NONE OUTBOUND policy ANY:192.168.0.100:* -> ANY:REMOTEIP:*
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : created NONE policy route for REMOTEIP/32
22:16:09 DB : policy added ( obj count = 2 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : creating NONE INBOUND policy ANY:192.168.0.1:* -> ANY:192.168.17.7:*
22:16:09 DB : policy added ( obj count = 3 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 ii : creating NONE OUTBOUND policy ANY:192.168.17.7:* -> ANY:192.168.0.1:*
22:16:09 DB : policy added ( obj count = 4 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 ii : creating IPSEC INBOUND policy ANY:VPN_LOCAL_IP/24:* -> ANY:192.168.17.7:*
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy added ( obj count = 5 )
22:16:09 DB : policy found
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : creating IPSEC OUTBOUND policy ANY:192.168.17.7:* -> ANY:VPN_LOCAL_IP/24:*
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : created IPSEC policy route for VPN_LOCAL_IP/24
22:16:09 DB : policy added ( obj count = 6 )
22:16:09 K> : send pfkey X_SPDADD UNSPEC message
22:16:09 K< : recv pfkey X_SPDADD UNSPEC message
22:16:09 DB : policy found
22:16:09 ii : split DNS is disabled
22:16:12 K< : recv pfkey ACQUIRE UNSPEC message
22:16:12 DB : policy found
22:16:12 DB : policy found
22:16:12 DB : tunnel found
22:16:12 DB : new phase2 ( IPSEC initiator )
22:16:12 DB : phase2 added ( obj count = 1 )
22:16:12 K> : send pfkey GETSPI ESP message
22:16:12 K< : recv pfkey GETSPI ESP message
22:16:12 DB : phase2 found
22:16:12 ii : updated spi for 1 ipsec-esp proposal
22:16:12 DB : phase1 found
22:16:12 >> : hash payload
22:16:12 >> : security association payload
22:16:12 >> : - proposal #1 payload
22:16:12 >> : -- transform #1 payload
22:16:12 >> : nonce payload
22:16:12 >> : key exchange payload
22:16:12 >> : identification payload
22:16:12 >> : identification payload
22:16:12 == : phase2 hash_i ( input ) ( 248 bytes )
22:16:12 == : phase2 hash_i ( computed ) ( 20 bytes )
22:16:12 == : new phase2 iv ( 16 bytes )
22:16:12 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:12 >= : message 4a2d1878
22:16:12 >= : encrypt iv ( 16 bytes )
22:16:12 == : encrypt packet ( 296 bytes )
22:16:12 == : stored iv ( 16 bytes )
22:16:12 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 328 bytes )
22:16:12 DB : phase2 resend event scheduled ( ref count = 2 )
22:16:17 -> : resend 1 phase2 packet(s) [0/2] 192.168.0.100:500 -> REMOTEIP:500
22:16:22 -> : resend 1 phase2 packet(s) [1/2] 192.168.0.100:500 -> REMOTEIP:500
22:16:27 -> : resend 1 phase2 packet(s) [2/2] 192.168.0.100:500 -> REMOTEIP:500
22:16:30 K< : recv pfkey ACQUIRE UNSPEC message
22:16:30 DB : policy found
22:16:30 DB : policy found
22:16:30 DB : tunnel found
22:16:30 DB : new phase2 ( IPSEC initiator )
22:16:30 DB : phase2 added ( obj count = 2 )
22:16:30 K> : send pfkey GETSPI ESP message
22:16:30 K< : recv pfkey GETSPI ESP message
22:16:30 DB : phase2 found
22:16:30 ii : updated spi for 1 ipsec-esp proposal
22:16:30 DB : phase1 found
22:16:30 >> : hash payload
22:16:30 >> : security association payload
22:16:30 >> : - proposal #1 payload
22:16:30 >> : -- transform #1 payload
22:16:30 >> : nonce payload
22:16:30 >> : key exchange payload
22:16:30 >> : identification payload
22:16:30 >> : identification payload
22:16:30 == : phase2 hash_i ( input ) ( 248 bytes )
22:16:30 == : phase2 hash_i ( computed ) ( 20 bytes )
22:16:30 == : new phase2 iv ( 16 bytes )
22:16:30 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:30 >= : message b4687a6c
22:16:30 >= : encrypt iv ( 16 bytes )
22:16:30 == : encrypt packet ( 296 bytes )
22:16:30 == : stored iv ( 16 bytes )
22:16:30 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 328 bytes )
22:16:30 DB : phase2 resend event scheduled ( ref count = 2 )
22:16:32 <A : peer tunnel disable message
22:16:32 DB : policy found
22:16:32 ii : removing IPSEC INBOUND policy ANY:VPN_LOCAL_IP/24:* -> ANY:192.168.17.7:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing IPSEC OUTBOUND policy ANY:192.168.17.7:* -> ANY:VPN_LOCAL_IP/24:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 ii : removed IPSEC policy route for ANY:VPN_LOCAL_IP/24:*
22:16:32 DB : policy found
22:16:32 ii : removing NONE INBOUND policy ANY:192.168.0.1:* -> ANY:192.168.17.7:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing NONE OUTBOUND policy ANY:192.168.17.7:* -> ANY:192.168.0.1:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing NONE INBOUND policy ANY:REMOTEIP:* -> ANY:192.168.0.100:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 ii : removing NONE OUTBOUND policy ANY:192.168.0.100:* -> ANY:REMOTEIP:*
22:16:32 K> : send pfkey X_SPDDELETE2 UNSPEC message
22:16:32 ii : removed NONE policy route for ANY:REMOTEIP:*
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 5 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 4 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 3 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 2 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 1 )
22:16:32 K< : recv pfkey X_SPDDELETE2 UNSPEC message
22:16:32 DB : policy found
22:16:32 DB : policy deleted ( obj count = 0 )
22:16:32 ii : disable adapter ROOT\VNET\0000
22:16:32 DB : tunnel stats event canceled ( ref count = 5 )
22:16:32 DB : removing tunnel config references
22:16:32 DB : config deleted ( obj count = 0 )
22:16:32 DB : removing tunnel phase2 references
22:16:32 DB : phase2 resend event canceled ( ref count = 1 )
22:16:32 ii : phase2 removal before expire time
22:16:32 DB : phase2 deleted ( obj count = 1 )
22:16:32 DB : phase2 resend event canceled ( ref count = 1 )
22:16:32 ii : phase2 removal before expire time
22:16:32 DB : phase2 deleted ( obj count = 0 )
22:16:32 DB : removing tunnel phase1 references
22:16:32 DB : phase1 soft event canceled ( ref count = 3 )
22:16:32 DB : phase1 hard event canceled ( ref count = 2 )
22:16:32 DB : phase1 dead event canceled ( ref count = 1 )
22:16:32 ii : sending peer DELETE message
22:16:32 ii : - 192.168.0.100:500 -> REMOTEIP:500
22:16:32 ii : - isakmp spi = f232ff98c4937c18:c65052785432b59d
22:16:32 ii : - data size 0
22:16:32 >> : hash payload
22:16:32 >> : delete payload
22:16:32 == : new informational hash ( 20 bytes )
22:16:32 == : new informational iv ( 16 bytes )
22:16:32 >= : cookies f232ff98c4937c18:c65052785432b59d
22:16:32 >= : message 66fddf83
22:16:32 >= : encrypt iv ( 16 bytes )
22:16:32 == : encrypt packet ( 80 bytes )
22:16:32 == : stored iv ( 16 bytes )
22:16:32 -> : send IKE packet 192.168.0.100:500 -> REMOTEIP:500 ( 120 bytes )
22:16:32 ii : phase1 removal before expire time
22:16:32 DB : phase1 deleted ( obj count = 0 )
22:16:32 DB : tunnel deleted ( obj count = 0 )
22:16:32 DB : removing all peer tunnel references
22:16:32 DB : peer deleted ( obj count = 0 )
22:16:32 ii : ipc client process thread exit ...
Вот что я вижу:
ОБНОВИТЬ:
Это журнал рабочего соединения:
ii : rebuilding vnet device list ...
ii : device ROOT\VNET\0000 disabled
ii : pfkey process thread begin ...
ii : ipc server process thread begin ...
ii : network process thread begin ...
ii : ipc client process thread begin ...
<A : peer config add message
<A : proposal config message
<A : proposal config message
<A : client config message
<A : local id 'myserver.company.com' message
<A : preshared key message
<A : remote resource message
<A : peer tunnel enable message
DB : peer added ( obj count = 1 )
ii : local address LOCALIP selected for peer
DB : tunnel added ( obj count = 1 )
DB : new phase1 ( ISAKMP initiator )
DB : exchange type is aggressive
DB : LOCALIP:500 <-> REMOTEIP:500
DB : 3cbc1e92c5a533c2:0000000000000000
DB : phase1 added ( obj count = 1 )
>> : security association payload
>> : - proposal #1 payload
>> : -- transform #1 payload
>> : key exchange payload
>> : nonce payload
>> : identification payload
>> : vendor id payload
ii : local supports nat-t ( draft v00 )
>> : vendor id payload
ii : local supports nat-t ( draft v01 )
>> : vendor id payload
ii : local supports nat-t ( draft v02 )
>> : vendor id payload
ii : local supports nat-t ( draft v03 )
>> : vendor id payload
ii : local supports nat-t ( rfc )
>> : vendor id payload
>> : vendor id payload
ii : local supports DPDv1
>> : vendor id payload
ii : local is SHREW SOFT compatible
>> : vendor id payload
ii : local is NETSCREEN compatible
>> : vendor id payload
ii : local is SIDEWINDER compatible
>> : vendor id payload
ii : local is CISCO UNITY compatible
>= : cookies 3cbc1e92c5a533c2:0000000000000000
>= : message 00000000
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 520 bytes )
DB : phase1 resend event scheduled ( ref count = 2 )
<- : recv IKE packet REMOTEIP:500 -> LOCALIP:500 ( 276 bytes )
DB : phase1 found
ii : processing phase1 packet ( 276 bytes )
=< : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
=< : message 00000000
<< : security association payload
<< : - propsal #1 payload
<< : -- transform #1 payload
ii : matched isakmp proposal #1 transform #1
ii : - transform = ike
ii : - cipher type = aes
ii : - key length = 256 bits
ii : - hash type = sha1
ii : - dh group = group2 ( modp-1024 )
ii : - auth type = psk
ii : - life seconds = 28800
ii : - life kbytes = 0
<< : key exchange payload
<< : nonce payload
<< : identification payload
ii : phase1 id match ( natt prevents ip match )
ii : received = ipv4-host REMOTEIP
<< : hash payload
ii : nat-t is unsupported by remote peer
== : DH shared secret ( 128 bytes )
== : SETKEYID ( 20 bytes )
== : SETKEYID_d ( 20 bytes )
== : SETKEYID_a ( 20 bytes )
== : SETKEYID_e ( 20 bytes )
== : cipher key ( 32 bytes )
== : cipher iv ( 16 bytes )
== : phase1 hash_i ( computed ) ( 20 bytes )
>> : hash payload
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
>= : message 00000000
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 52 bytes )
== : stored iv ( 16 bytes )
DB : phase1 resend event canceled ( ref count = 1 )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 88 bytes )
== : phase1 hash_r ( computed ) ( 20 bytes )
== : phase1 hash_r ( received ) ( 20 bytes )
ii : phase1 sa established
ii : REMOTEIP:500 <-> LOCALIP:500
ii : 3cbc1e92c5a533c2:8f1d0b7661933e0d
ii : sending peer INITIAL-CONTACT notification
ii : - LOCALIP:500 -> REMOTEIP:500
ii : - isakmp spi = 3cbc1e92c5a533c2:8f1d0b7661933e0d
ii : - data size 0
>> : hash payload
>> : notification payload
== : new informational hash ( 20 bytes )
== : new informational iv ( 16 bytes )
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
>= : message 7061fc09
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 80 bytes )
== : stored iv ( 16 bytes )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 120 bytes )
DB : config added ( obj count = 1 )
ii : configuration method is manual
DB : phase2 not found
ii : enabled adapter ROOT\VNET\0000
ii : adapter ROOT\VNET\0000 unavailable, retrying ...
ii : apapter ROOT\VNET\0000 MTU is 1380
ii : generating IPSEC security policies at UNIQUE level
ii : creating NONE INBOUND policy ANY:REMOTEIP:* -> ANY:LOCALIP:*
DB : policy added ( obj count = 1 )
K> : send pfkey X_SPDADD UNSPEC message
ii : creating NONE OUTBOUND policy ANY:LOCALIP:* -> ANY:REMOTEIP:*
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : created NONE policy route for REMOTEIP/32
DB : policy added ( obj count = 2 )
K> : send pfkey X_SPDADD UNSPEC message
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : creating IPSEC INBOUND policy ANY:VPN_IP/24:* -> ANY:192.168.17.1:*
DB : policy added ( obj count = 3 )
K> : send pfkey X_SPDADD UNSPEC message
ii : creating IPSEC OUTBOUND policy ANY:192.168.17.1:* -> ANY:VPN_IP/24:*
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : created IPSEC policy route for VPN_IP/24
DB : policy added ( obj count = 4 )
K> : send pfkey X_SPDADD UNSPEC message
K< : recv pfkey X_SPDADD UNSPEC message
DB : policy found
ii : split DNS is disabled
K< : recv pfkey ACQUIRE UNSPEC message
DB : policy found
DB : policy found
DB : tunnel found
DB : new phase2 ( IPSEC initiator )
DB : phase2 added ( obj count = 1 )
K> : send pfkey GETSPI ESP message
K< : recv pfkey GETSPI ESP message
DB : phase2 found
ii : updated spi for 1 ipsec-esp proposal
DB : phase1 found
>> : hash payload
>> : security association payload
>> : - proposal #1 payload
>> : -- transform #1 payload
>> : nonce payload
>> : key exchange payload
>> : identification payload
>> : identification payload
== : phase2 hash_i ( input ) ( 248 bytes )
== : phase2 hash_i ( computed ) ( 20 bytes )
== : new phase2 iv ( 16 bytes )
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
>= : message 907d2142
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 296 bytes )
== : stored iv ( 16 bytes )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 328 bytes )
DB : phase2 resend event scheduled ( ref count = 2 )
<- : recv IKE packet REMOTEIP:500 -> LOCALIP:500 ( 300 bytes )
DB : phase1 found
ii : processing phase2 packet ( 300 bytes )
DB : phase2 found
=< : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
=< : message 907d2142
=< : decrypt iv ( 16 bytes )
== : decrypt packet ( 300 bytes )
<= : trimmed packet padding ( 8 bytes )
<= : stored iv ( 16 bytes )
<< : hash payload
<< : security association payload
<< : - propsal #1 payload
<< : -- transform #1 payload
<< : nonce payload
<< : key exchange payload
<< : identification payload
<< : identification payload
== : phase2 hash_r ( input ) ( 264 bytes )
== : phase2 hash_r ( computed ) ( 20 bytes )
== : phase2 hash_r ( received ) ( 20 bytes )
ii : matched ipsec-esp proposal #1 transform #1
ii : - transform = esp-aes
ii : - key length = 256 bits
ii : - encap mode = tunnel
ii : - msg auth = hmac-sha1
ii : - pfs dh group = group2 ( modp-1024 )
ii : - life seconds = 3600
ii : - life kbytes = 0
DB : policy found
K> : send pfkey GETSPI ESP message
ii : phase2 ids accepted
ii : - loc ANY:192.168.17.1:* -> ANY:VPN_IP/24:*
ii : - rmt ANY:VPN_IP/24:* -> ANY:192.168.17.1:*
ii : phase2 sa established
ii : LOCALIP:500 <-> REMOTEIP:500
== : phase2 hash_p ( input ) ( 41 bytes )
== : phase2 hash_p ( computed ) ( 20 bytes )
>> : hash payload
K< : recv pfkey GETSPI ESP message
>= : cookies 3cbc1e92c5a533c2:8f1d0b7661933e0d
DB : phase2 found
>= : message 907d2142
>= : encrypt iv ( 16 bytes )
== : encrypt packet ( 52 bytes )
== : stored iv ( 16 bytes )
DB : phase2 resend event canceled ( ref count = 1 )
-> : send IKE packet LOCALIP:500 -> REMOTEIP:500 ( 88 bytes )
== : PFS DH shared secret ( 128 bytes )
== : spi cipher key data ( 32 bytes )
== : spi hmac key data ( 20 bytes )
K> : send pfkey UPDATE ESP message
== : spi cipher key data ( 32 bytes )
== : spi hmac key data ( 20 bytes )
K> : send pfkey UPDATE ESP message
K< : recv pfkey UPDATE ESP message
K< : recv pfkey UPDATE ESP message
Я уже переустановил программное обеспечение. Что пошло не так? Что я должен делать?